Wed, 18 Feb 2009

This is probably really old news (to some), but was in the company of sattelite TV this weekend and saw that Joe Grand now has a TV Slot all of his own. "Prototype This" looks like it will be awesome..

I spent the rest of the day trying hard to catch the adverts at just the right time to get a pic of Joe, while excitedly saying "i cant believe joe is on TV" to deels to try to convince her that it was a better alternative than going out..

[Of course, the much more reasonable thing to do, would have been to check out their webpage]

Tue, 17 Jun 2008

since forever, i've been told (and told others) that the greatest threat is from the inside. turns out, not so much. verizon business (usa) apparently conducted a four year study on incidents inside their organisation and found that the vast majority, 73%, originated from outside. however, the majority of breaches occurred as a result of errors in internal behaviour such as misconfigs, missing patches etc. (62% of cases).

So attackers are generally outsiders taking advantage of bad internal behaviours, rather than local users finding 0-day. From the exec summary:

In a finding that may be surprising to some, most data breaches investigated were caused by external sources. Breaches attributed to insiders, though fewer in number, were much larger than those caused by outsiders when they did occur. As a reminder of risks inherent to the extended enterprise, business partners were behind well over a third of breaches, a number that rose five-fold over the time period of the study

Other interesting snippets that tie directly back into what we cover when we train, and why we think there is value in not only aiming at sploit-writing and 0-day:

Most breaches resulted from a combination of events rather than a single action.

Intrusion attempts targeted the application layer more than the operating system and less than a quarter of attacks exploited vulnerabilities.

In other words, bite-sized chunks for the win, core/canvas/metasploit are cute but that's not how customers get owned most often in the real world.

Sun, 9 Dec 2007

Dino is the guy who added much shellcode coolness to MetaSploit, gave
the world Karma, released the first virtualization rootkit for Intel
(Vitriol), and gave much credibility to the Matasano crowd while he was
there..

Although he left the consultancy gig, he popped up briefly again during
the year to claim his macbook in the Cansec Hack the Mac challenge and
popped up again to break second-life..

- -snip-
What the exploit does
Once the malicious file has been viewed by the victim, the attacker has
complete control over the victim's computer - and Second Life avatar. At
this point the exploit could make the avatar do anything they like. This
particular exploit freezes the avatar and makes them send the attacker's
avatar twelve Linden dollars and shout "I got hacked".
- -snip-

Full points for style.. and full points for security geek coolness..
- -sigh- im such a fan-boy sometimes..